#1 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: Toronto, Ontario
Posts: 68
OS: Xp Home SP2
|
A friend's comp
I'm at a friend's place and ran HJT. Can someone help me with this log please?
Logfile of HijackThis v1.97.7
Scan saved at 5:55:26 PM, on 21/11/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
D:\LOGITECH\ITOUCH\ITOUCH.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
D:\PROGRAM FILES\INTRIGUE LEARNING\PCBODYGUARD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\SBNET\SHOWBEHIND.EXE
C:\ZIPITPRO\ZIPITFAST.EXE
C:\WINDOWS\TEMP\ZTV3291\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldusa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
N1 - Netscape 4: user_pref("browser.startup.homepage", "www1.sympatico.ca"); (D:\Program Files\Sympatico\Users\r.lawrence@sympatico.ca\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [PCBG] D:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
#2 (permalink) |
|
Member
Join Date: Sep 2003
Location: Brussels/Belgium/Europe
Posts: 165
OS: XP Pro SP1
|
O.K. thank you for your request!
Is this the way a forum should work? Just pull in the junk and then hope that someone will take care of it? Well just RQF first and try to figure it out yourself!
__________________
What's a life without computers ? |
#4 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Lots of little spyware critters running around there.
Have your friend download Spybot from the link below. Have it check for updates online before the scan. Then scan for problems and have Spybot fix everything in red. Paste a new HJT log here and we'll look for stragglers. Welcome to TSF!
#5 (permalink) |
|
Member
Join Date: Nov 2003
Location: Michigan
Posts: 137
OS: windows xp
|
RE: Speedo
It's too bad all these programs don't come with help files! Or maybe they could have a tutorial online... What a unique concept, Ya think...
There are many tutorials available online. All it takes is a little research to find them. However, even with the tutorials, you'll still have to study to become effective reading these logs. If you would like, I'd be happy to gather the URLs for using HJT and the other great tools. Just say the word! I'm well on my way to learning this technique, thanks to a friend on this board.
#6 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: Toronto, Ontario
Posts: 68
OS: Xp Home SP2
|
I ran Spybot and repaired the RED items. There were only 806. Anyhow here is my next HJT log.
Logfile of HijackThis v1.97.7
Scan saved at 11:01:06 AM, on 22/11/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
D:\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
D:\PROGRAM FILES\INTRIGUE LEARNING\PCBODYGUARD.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
N1 - Netscape 4: user_pref("browser.startup.homepage", "www1.sympatico.ca"); (D:\Program Files\Sympatico\Users\r.lawrence@sympatico.ca\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] D:\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [PCBG] D:\PROGRAM FILES\INTRIGUE LEARNING\pcbodyguard.exe /start
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SpyHunter] D:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

I would really appreciate some documentation at least for HiJackThis. But the more I can find the more it'll help. Thank You very greatly guys. I not only appreciate it, my friend does too.
#8 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: Toronto, Ontario
Posts: 68
OS: Xp Home SP2
|
I also found a folder D:\program files\ cool. It contains :
Coolbos.dll coolbucky.dll CoolHttp.dll CoolICQ.dll Coolpeer.dll Coolsocket.dll CoolSOS.dll CoolTih.dll Any Idea what this is for? |
#9 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
First, to everyone on this board, we currently have three people to read these logs; we need 6 or 8. It is a commitment, but it is a very satisfying commitment. Let us know.
Danrak, we may need some better way to communicate than individual PM's. Put on your thinking cap! Now, on with the show!
#10 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Spybot got them all!
The dll's you found are related to games downloaded over the netscape network. Tell your friend to drive the computer around the block and see how it handles. If there are any further problems, come on back! Just between you and me, I'm a bit nervous. 806 repairs to an ME system...well, it might never be the same again. Let's keep our fingers crossed...
#11 (permalink) |
|
Member
Join Date: Nov 2003
Location: Michigan
Posts: 137
OS: windows xp
|
RE: Friend's comp
Sorry it's taken me so long to get back to you. College football is big in my house and I had family over to watch the games. Ok, you requested some documentation. First off, I'm not going to attempt to explain everything .... but I will give you some tips I've learned.
The part of the log that we are most concerned with is the lower half where HJT breaks things down and organizes it according to the type of item it is. The tutorial for reading this log is found HERE. There are several other logs and tutorials that make the research a little easier. The first would be TonyK's BHO LIST. This names all known browser helper objects and whether you should keep it, get rid of it, or if it's undetermined at this time. He also has a BHO.exe which makes it easy because you can paste the BHO's name in it and it auto searches his list. It's a GREAT tool! The next part I would like to draw attention to is the Startup items (O4's). PacMan has compiled a great STARTUP LIST. Websearches will also help you sort a lot of this part out too. Other tools include "spybot search and destroy" and "adware." These programs will clean out a lot of the known spyware and really should always be run before anyone posts a HJT log. There is also a great website called ANSWERS THAT WORK that also can be a lot of help. I'm just getting started. At first, it all seems quite overwhelming because so much information is coming at you all at once. However, I've only been at it a few days and I've already got the basics down. This is a proven method to fixing bug related problems.... many that your antivirus will never find. Really, there is no magic wand. To learn this is going to take a little time and work. However, if you're willing to do the reading and studying required, it's a great way to fight back against these nasty critters. Like jgvernonco said, we need 6 or 8 people who are willing to learn to read these logs. It is a commitment, but it is a very satisfying commitment. Let us know.
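Added example (not part of the thread, and not HijackThis's own code): the findings section described in the post above can be parsed by its section codes, and two scans compared to see what a cleanup run changed. `parse_hjt`, `diff_logs`, `BEFORE` and `AFTER` are names chosen here; the excerpts are a few entries copied from the first and second log posted in this thread.

```python
import re

# A HijackThis finding is "<code> - <detail>", e.g. R0/R1 (IE start and search
# pages), O2 (BHOs), O4 (startup items), O9 (IE buttons). The pattern also copes
# with logs whose line breaks were lost when pasted into a forum post.
ENTRY = re.compile(r"(?:^|\s)([RFNO]\d{1,2}) - (.*?)(?=\s+[RFNO]\d{1,2} - |\s*$)", re.S)

def parse_hjt(text):
    """Return {section code: set of details}; header and process list are skipped."""
    sections = {}
    for code, detail in ENTRY.findall(text):
        sections.setdefault(code, set()).add(" ".join(detail.split()))
    return sections

def diff_logs(before, after):
    """Return (removed, added): entries present in only one of the two scans."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = {c: sorted(b[c] - a.get(c, set())) for c in b if b[c] - a.get(c, set())}
    added = {c: sorted(a[c] - b.get(c, set())) for c in a if a[c] - b.get(c, set())}
    return removed, added

# Excerpts of the two logs posted in this thread (a few entries each).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldusa.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\SBNET\SHOWBEHIND.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra button: Real.com (HKLM)
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SpyHunter] D:\PROGRAM FILES\SPYHUNTER\SPYHUNTER.exe
O9 - Extra button: Real.com (HKLM)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, changes in (("removed", removed), ("added", added)):
        for code, details in sorted(changes.items()):
            for d in details:
                print(f"{label:8}{code:4}{d}")
```

The diff only reports what changed between scans; whether a remaining or newly added entry is wanted still has to be checked against references such as the BHO and startup lists mentioned in the post.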
#12 (permalink) |
|
Registered User
Join Date: Nov 2003
Location: Toronto, Ontario
Posts: 68
OS: Xp Home SP2
|
Thanks for the links. I plan on learning as much as I can. So if I can help you guys out helping others I think it'll make your lives a tad easier. I know 806 items through spybot is rather ridiculous on any operating system. I'm not the most computer literate person but the more documentation I can find and download I can start helping more people. Time is not a serious issue for me. It's just new programs are a pain in the *** for me and I'm getting used to these handy little "toys". My new threads will probably go back to the Windows XP forum.
Talk to y'all later |
#14 (permalink) |
|
Registered User
Join Date: Apr 2006
Posts: 1
OS: Me
|
Man you dudes are tight man. I really appreciate the links. I'm in Good Ol' San Anton and we are using computers to record music. I'm the computer man while others lay vocals. I didn't bring my comp, it's still in Waco, but it is in top notch shape because of guys like you, the best geeks in the world. I'm a Hood Geek. Being a geek pays
|